mhr-cfw-domain-fronting-relay
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a software repository from an unverified GitHub account (denuitt1/mhr-cfw). This introduces unvetted code into the local environment that has not been audited for safety.
- [REMOTE_CODE_EXECUTION]: Users are instructed to execute scripts from the untrusted repository using commands like python3 main.py, bash start.sh, and start.bat. This grants third-party code execution privileges on the user's system.
- [EXTERNAL_DOWNLOADS]: The installation instructions suggest using an unofficial PyPI mirror (mirror-pypi.runflare.com). Using non-standard package registries presents a supply chain risk, as the integrity of the downloaded packages cannot be guaranteed.
- [COMMAND_EXECUTION]: Automated analysis flagged a command sequence that pipes the output of a network request directly into the Python interpreter (curl ... | python3). While the skill specifies using the json.tool module, the execution pattern itself is a high-risk practice if the remote source is compromised.
- [COMMAND_EXECUTION]: The configuration guide provides instructions for disabling SSL certificate verification (verify_ssl: false). This practice bypasses critical transport security and leaves the user vulnerable to Man-in-the-Middle (MitM) attacks.
Recommendations
- HIGH: Downloads and executes remote code from: http://127.0.0.1:8085 - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata